

Thread: WordPress suffers root level hack

  1. #1
    Senior Member alphaomega's Avatar
    Join Date
    Apr 2004
    Location
    Sunshine Coast, Australia
    Posts
    566

    WordPress suffers root level hack

    WordPress source code may be in the hands of the bad guys, after the blogging service saw its servers hacked.


    WordPress.com was on the wrong end of a root level attack this week, although the fallout could have been significantly worse than it was, according to a security expert.
    Hackers gained root level access to servers at WordPress’ parent company Automattic, meaning “potentially anything on those servers could have been revealed,” WordPress founder Matt Mullenweg admitted on a blog.
    He presumed the WordPress source code was copied by hackers, but it appeared “information disclosed was limited.”
    Mullenweg said there was no evidence user passwords had been taken.
    Despite the serious implications of the compromise, one security expert claimed the aftermath could have been much worse for WordPress.
    “Although the hackers would have been able to download much of the source code on the servers, possibly including custom-developed code of premium clients of the company, WordPress appears to have followed best practice and encrypted the password files, as well as private information such as credit card details,” said Phil Lieberman, president of identity management specialist Lieberman Software.
    “Media reports over the last day or so have played up the hack as if it is the end of the world for the blogging industry, when it plainly isn't. By encrypting user credentials and associated data, WordPress has followed the advice of the IT security professionals,” he added.
    WordPress was hit by another hack attack just last month, when a huge Distributed Denial of Service (DDoS) strike caused “sporadic slowness” on the site.
    “This time around, it looks as though the company has taken a sensible approach to security and reasoned that, even if hackers get through its external defences, as has clearly happened, they can limit the damage that has been done,” Lieberman added.
    “Other high-profile organisations should take notice [of] this planned defensive strategy.”
    This article originally appeared at itpro.co.uk
    Last edited by alphaomega; 04-18-2011 at 02:25 AM. Reason: One mistake

  2. #2
    Senior Member
    Join Date
    Dec 2007
    Posts
    479
    They are in a tough position if you ask me... the .com and .org split is definitely controversial if you ask me.

    I think perhaps going open source to closed, is not as easy as it might look? Could be anything really, maybe it was governments going after people?
    Last edited by MrGamm; 04-18-2011 at 04:33 AM.

  3. #3
    Senior Member
    Join Date
    Dec 2007
    Posts
    479
    That being said, Matt the founder has done a lot for everybody.
    Last edited by MrGamm; 04-18-2011 at 04:34 AM.

  4. #4
    WebProWorld MVP morestar's Avatar
    Join Date
    Jun 2007
    Location
    Toronto, Ontario (Burlington)
    Posts
    4,157
    Geez that's really bad news for WordPress, I guess I'm glad to say I'm not a member there anymore after my suspension.

    I wonder what the hack3rs wanted...

  5. #5
    Member
    Join Date
    Jan 2012
    Posts
    46
    Quote Originally Posted by morestar View Post
    Geez that's really bad news for WordPress, I guess I'm glad to say I'm not a member there anymore after my suspension.
    don't worry, your password is still in the database...

    anyways, no security notification was issued yet about a backdoored version of WP so we'll see.

  7. #6
    WebProWorld MVP williamc's Avatar
    Join Date
    Jul 2003
    Location
    On a really big hill in Kentucky
    Posts
    4,538
    Quote Originally Posted by qdb View Post
    don't worry, your password is still in the database...
    Agreed, yet again why you should always use different passwords everywhere.
    William Cross
    Web Development by Those Damn Coders
    Firearm Friendly Websites because our constitution matters
